New Features

The list below contains all of the 'new' features in Endpoint 10. Don't forget to also read what improvements we've made.

Sophos Patch Assessment

The new patch assessment feature allows you to deploy an agent to endpoint computers that will identify missing patches and send this information back to the server, where you can view it in Sophos Enterprise Console.

Patch assessment monitors the most widely used products from Adobe, Apple, Citrix, Microsoft and others. SophosLabs rates patches as critical, high, medium and low and tells you which threats a patch prevents so you can easily identify the most important ones.

Web Filtering

You can now restrict access to certain categories of websites in order to control web usage and avoid any impact on workplace productivity.

Like web content scanning, this feature supports the five major browsers: Internet Explorer, Firefox, Chrome, Safari, and Opera.

Web filtering can be used in two different configurations:

Endpoint only, to control use of inappropriate websites. This requires no extra hardware or software.

Full-disk encryption is integrated into Endpoint 10, with no separate deployment or console required. Easily install full-disk encryption on your computers in just six clicks. Then check status, policy and user activity simply in our console.

Please note that integrated Full Disk Encryption is not yet available in Enterprise Console 5.0; it will be available in Enterprise Console 5.1, currently scheduled for release in the second quarter of 2012.

Improvements

Console installer

Fewer restarts required when upgrading.

The Upgrade Advisor is not a separate program: it now runs during the installation, so it does not have to be run before the installer.

New Installer Framework. There are now multiple Microsoft installer (MSI) files that give you greater control of the installation. Also, if you need to install the database via scripts, the scripts are automatically extracted and available if required.

During the installation you can select an existing SQL Server instance for the Sophos database or choose to create a new SOPHOS instance. You cannot create a SQL instance of another name during the installation of the Console.

Console

A search function in the console lets you locate a computer by hostname or IP address, or a range of computers by hostname. You can access the menu option from the console under: Edit | Find a computer (Ctrl+F). You can even use wildcards (*, ?) to find a range of computers matching the search term.

Management Console has a new color scheme and iconography, but there is no significant change to the layout.

Now that we have introduced new features that generate events, we have given the event viewers more prominence in the console. You launch an event viewer from the Events menu in the taskbar at the top of the console.

Endpoint

Faster start-up/boot times for computers.

Increased on-access and on-demand scanning performance.

Web content scanning protection has been re-written and is no longer dependent on Browser Helper Objects (BHOs), which are only applicable to Internet Explorer. Web content scanning now supports all leading browsers (Internet Explorer, Firefox, Chrome, Safari and Opera) with no BHO dependency, making it more secure and tamperproof.

The on-access scanner default settings are now set for best protection. The table below shows a comparison between the current default settings and the default settings of the previous version of Sophos Anti-Virus. Note: The settings shown below are for a new install of Enterprise Console v5 and Sophos Anti-Virus v10. If you perform an upgrade, your existing policy settings will be used.

On-demand and scheduled scanning: The option to 'Automatically clean up items that contain virus/malware' is enabled for new on-demand scans. Right-click scans and 'Scan my computer' still retain the old setting and do not provide automatic cleanup.

Endpoint changes to functionality that affect menus and terminology

The following menu options and wording have also been changed:

'Scan for suspicious files (HIPS)' has changed to 'Scan for suspicious files', as the scanning of suspicious files is not done at run-time like HIPS detections are.

'Suspicious behavior' has been changed to 'Behavior Monitoring'.

Behavior Monitoring is now split into five options (three options were present in 9.7).

'Alert only' options exist for both suspicious behavior and BOPS. Note: If you selected the 'Alert only' option in version 9.7, both HIPS and BOPS settings will inherit the 'Alert only' option.

The 'Alert only' option relates only to suspicious behavior and does not relate to malicious behavior.

Disabling 'malicious behavior' will disable HIPS scanning.

The 'Options' tab under on-access settings has been removed and the settings previously shown there have moved to the 'Scanning' tab.

Virus alerting to the end user

Whether or not a threat has been cleaned up, the end user will see a balloon message advising of the detection and that it has been moved to the quarantine manager.

We have designed the alerting this way, and chosen not to show a success or failure message, because:

At the time of the alert it is not possible to determine the precise outcome of the cleanup routine, if one is set. Hence, for best protection, it is advisable to alert the end user.

A secondary message to advise of the outcome could, in certain scenarios, bombard the user (for example, with file infectors).

Virus reporting to the console

Due to the change in enabling automatic cleanup, virus alerts that correspond to a threat that has been successfully dealt with will not appear on the console Dashboard, and there will be no warning shown against the computer (because there is no action required on your part). However, you will still see the detections and actions under the computer details for that computer, for reference, and the detections will appear in any threat reports you run.